MCPcopy
hub / github.com/opencontainers/runc / maskDir

Function maskDir

libcontainer/rootfs_linux.go:1325–1327  ·  view source on GitHub ↗

maskDir mounts a read-only tmpfs on top of the specified path.

(path, mountLabel string)

Source from the content-addressed store, hash-verified

1323
1324// maskDir mounts a read-only tmpfs on top of the specified path.
1325func maskDir(path, mountLabel string) error {
1326 return mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("nr_blocks=1,nr_inodes=1", mountLabel))
1327}
1328
1329// maskPaths masks the top of the specified paths inside a container to avoid
1330// security issues from processes reading information from non-namespace aware

Callers 2

mountCgroupV2Function · 0.85
maskPathsFunction · 0.85

Calls 1

mountFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…